Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which f
In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for e
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalat
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with th
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner).
Local listening file permissions in APISIX plugin runner allow a local attacker to elevate pr
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.
This issue affects Apache StreamPipes: through 0.95.1.
U
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas
Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can a
Incorrect Default Permissions vulnerability in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.2.2.
Users are recommended to upgrade to version 3.3.1, which fixes the i
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.
This issue affects Apache HertzBeat: before 1.6.1.
Users are recommended to upgrade to version 1.6.1, wh
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK:
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via un
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are rec
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through
A vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
When issuing JSON Web Tokens (JWT), Apache StreamPark directly uses the user's password as the HMAC signing key (e.g., with the HS256 algorithm). An attacker can exploit this vulnerability to perform
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via un
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
This issue affects Apache DolphinScheduler vers
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can al
Page 1+ Next →